Stored Cross-Site Scripting Vulnerability in Jenkins Email Extension Plugin
CVE-2023-25763
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 15 February 2023
What is CVE-2023-25763?
The Jenkins Email Extension Plugin versions 2.93 and earlier are susceptible to a stored cross-site scripting (XSS) vulnerability. This arises from the lack of proper escaping for various fields included in the email templates that are bundled with the plugin. Attackers who can manipulate these fields could exploit the vulnerability, executing arbitrary scripts in the context of the affected user's session.
Affected Version(s)
Jenkins Email Extension Plugin <= 2.93
Jenkins Email Extension Plugin 2.89.0.1